Welcome to Rob's Tools and Utilities Page

You are welcome to peruse, download, use, and re-distribute any of the tools contained herein. However, there are some caveats:

• You may NOT re-distribute nor modify the code without keeping the original author message, README, and Makefile with the package, if applicable. In other words, don't change two lines and then re-distribute the code as your own.
• None of these tools or utilities come with ANY warranty either written or implied. By downloading any tool, you accept full responsibility for the use, misuse, or abuse of the tool and any result from such use. The author of the tool is not liable for the tool and makes no guarantees about their use.

Tools

• ifstatus , a tool that will generate alerts about network interfaces that have been placed in promiscuous mode.

• getsym , a tool that will give you the value of a given kernel symbol name.

• wrapper , a script for heterogenous UNIX environments that want to share a common binary directory (e.g. /usr/share/bin), but do not want the hassle of forcing the user community to remember which binary to execute (e.g. /usr/share/bin/xv.hp, /usr/share/bin/xv.sgi, etc.).

• memlook , a tool that allows you to examine the image size, resident set size, heap size, and stack size, all in bytes, for a given process. You can also give an interval, in seconds, for continued monitoring.

• nocando , a denial shell that provides logging when users with this shell attempt to gain access. This is a convenient shell for non login accounts as well as locked accounts.

• POPpass , a tool that allows users to change their POP passwords over the web. A bit dated now, although I still receive requests for it.

• pwchk , a tool that verifies and validates login accounts, including both local and NIS/NIS+ accounts. This is a nice "double check" to ensure that a created account is actually visible on a given host.

• su replacement , a modified version of the venerable su program that includes syslog logging as well as the standard sulog logging. I originally wrote this to prevent users from rebooting HP workstations to become root. The problem is long since gone, but the code still provides, IMHO, better logging than standard su.

• mtaprobe , an Expect script that probes a mail relay and gathers the type and version of SMTP software, the ability to run EXPN, and if the probed server is a wide-open mail relay. This is a nice way to discover possible SMTP woes on your network.

• poptart , an Expect script that probes the POP and IMAP ports of a list of hosts to determine the type and version of server the host is running. This can be a nice way to gather information about your network and verify compliance with standards or susceptibility to the latest announced vulnerabilities.

• sockwatch , a tool that monitors a TCP connection between two hosts. I wrote this tool to verify that a network was enduring several outages of an extremely short duration.

• fw-alert , is a collection of two Perl scripts. These scripts, when combined with the FW-1 UserDefined alert option, provide syslog aware real-time alerts. When generating types and forms of alerts, the scripts are only as limited as syslogd.

• mods.c is a quick program designed to query the given STREAMS device and list all modules in that STREAM. It will also POP the module closest to the STREAM head.

• throttle is a Perl program that provides SYN flood defense for Check Point firewalls. The throttle.pl script is much more reliable and much less of a burden than SYN Defender.

• myipcheck is a Perl program that scans a list of IP addresses for any IPs that belong to a set of netblocks. These netblocks are hard-coded into the netblocks array contained in the script.

• coderedscanner , is a scanner authored by Kirby Kuehl (kkuehl at cisco.com) and myself. It is multithreaded, lightning fast, highly accurate, and will scan any size netblock in a very reasonable amout of time.